check code rights on cloud files

zotlabs 2017-09-05 21:38:07 -07:00
parent 7dc99cb4a4
commit 2cce599fd7
3 changed files with 4 additions and 4 deletions


@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript'); $unsafe_types = array('text/html','text/css','application/javascript');
if(in_array($r['data']['filetype'],$unsafe_types)) { if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
else { else {
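Review bot: The `text/plain` downgrade for channels without code rights is sent without `X-Content-Type-Options: nosniff`, so it relies on the browser not sniffing the body back to HTML or script. The same applies to the `header('Content-type: text/plain');` lines in the Getfile and DAV File hunks. I would add `header('X-Content-Type-Options: nosniff');` next to each. Whether that header is already set globally is not visible from here, and the if/else continues outside the hunk.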


@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
$unsafe_types = array('text/html','text/css','application/javascript'); $unsafe_types = array('text/html','text/css','application/javascript');
if(in_array($r['data']['filetype'],$unsafe_types)) { if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
else { else {
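Review bot: The code-rights check here is keyed on `$channel['channel_id']` rather than on the file record's owner, unlike the Attach hunk (`$r['data']['uid']`) and the DAV File hunks (`$this->data['uid']`). Where `$channel` is assigned is outside the hunk, so it cannot be confirmed from here that it is always the owner of the file being served and not another channel resolved from the request. If the attachment record carries the owner id here as it does in Attach, `channel_codeallowed($r['data']['uid'])` would tie the decision to the stored file. Otherwise a comment should state why `$channel` is guaranteed to be the owner.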


@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
// @todo this should be a global definition // @todo this should be a global definition
$unsafe_types = array('text/html', 'text/css', 'application/javascript'); $unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r[0]['filetype'], $unsafe_types)) { if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
header('Content-type: text/plain'); header('Content-type: text/plain');
} }
@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
public function getContentType() { public function getContentType() {
// @todo this should be a global definition. // @todo this should be a global definition.
$unsafe_types = array('text/html', 'text/css', 'application/javascript'); $unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($this->data['filetype'], $unsafe_types)) { if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
return 'text/plain'; return 'text/plain';
} }
return $this->data['filetype']; return $this->data['filetype'];
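Review bot: The type-downgrade condition is now written twice in this class, once where the response headers are sent and once in `getContentType()`, and the existing `@todo` already asks for a shared definition. This condition decides whether uploaded HTML, CSS or JavaScript is served as active content, so the two copies should not be able to drift and leave the DAV-reported type disagreeing with the headers actually sent. A private helper that returns the effective type, called from both places, would keep them in step. The first copy also takes the type from `$r[0]` but the owner from `$this->data['uid']`, and a short comment confirming both describe the same row would help. The method enclosing the first hunk starts outside it, and `getContentType()` ends outside the second.

```php
	// Single place that decides whether a stored type may be served as-is:
	// owners with code rights keep the stored type, everyone else gets text/plain.
	private function effectiveType($filetype) {
		$unsafe_types = array('text/html', 'text/css', 'application/javascript');
		if (in_array($filetype, $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
			return 'text/plain';
		}
		return $filetype;
	}

	// … unchanged: header-sending path, now comparing effectiveType($r[0]['filetype']) with the stored type …
	// … unchanged: getContentType(), now returning effectiveType($this->data['filetype']) …
```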